Adobe Systems issued a security bulletin Tuesday concerning the discovery of a critical vulnerability in Flash Player 10.3 and earlier versions. This memory-corruption flaw may cause computing devices to crash and potentially allow an attacker to take control of the operating system. "There are reports that this vulnerability is being exploited in the wild in targeted attacks via malicious web pages," the software maker said.
Adobe expects to release a Flash Player update later this week for computers running the Windows, Mac, Linux and Solaris operating systems. It noted that Chrome browser users will automatically receive the new update since Google's browser includes Flash Player as a built-in feature.
Adobe's advisory was unusual in that it also covers smartphones, tablets and other mobile devices running Google's Android OS. Still, vulnerability patching is "a fact of life for any software that runs on connected machines today," noted Al Hilwa, director of applications software development at IDC.
A Mobile Exploit
Heavily used online software like Flash and web browsers get more than their fair share of issues in this space, Hilwa observed. Moreover, exploits are "often platform-specific and with most attacks targeted at desktop platforms, which have the greatest deployments and surface area," he said.
By contrast, mobile devices are more locked down and susceptible to different forms of malware, data corruption, and theft, Hilwa noted. "Having said that, Android -- which is the only mobile platform cited in this vulnerability -- has a variety of issues today."
As Sprint's new deal with Lookout Mobile Security demonstrates, U.S. wireless carriers are paying attention to the security issues that their mobile subscribers may face. However, Hilwa doesn't see Adobe's forthcoming critical patch for Android mobile devices having any effect on how the carriers and mobile-device makers perceive Flash.
"I think carriers and OEMs understand the risks of the general maturity of mobile-device software and the trade-offs they present," Hilwa said. "I don't think this affects Flash in a unique way."
New AIR Tool
Adobe also issued a separate security bulletin Tuesday covering a number of critical vulnerabilities in Adobe Reader X for machines running Windows and Apple's Mac OS X. Users are advised to update to the latest version of Adobe Reader, now available on the software maker's web site. "These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system," Adobe noted.
Meanwhile, Adobe has just released optimized versions of its AIR runtime -- a multi-platform development tool available for desktops, most new tablets, and both Apple's iOS and Google's Android mobile operating systems. Though Flash doesn't run on iOS, Flash developers have actually been catering to iOS for some time through the AIR runtime, Hilwa observed.
The Adobe folks are truly persistent in continuing to improve Flash and AIR for mobile platforms, Hilwa observed. "Even in a world of quickly multiplying platforms and form factors, they appear to be broadening their reach to as many platforms as makes sense, thereby slowly but surely carving Adobe a place as a leading multi-platform mobile development environment," he explained.